Security
Audits
Pharaoh Architecture
Pharaoh is built on Ramses V3 Core, which is based on Uniswap V3, with several enhancements. These improvements include dynamic system and protocol fee mechanisms and x(3,3). Ramses V3 Core also introduces a new accounting system to track how much active liquidity each concentrated liquidity position provides.
Audits
Spearbit
Shadow Exchange x(3,3) Audit Report
| Reviewer | Scope | Review period | Report date | Findings | Status |
|---|---|---|---|---|---|
| Cantina Managed | Shadow Exchange x(3,3) codebase, commit 49202a1a | Dec 24-28 | Jan 20, 2025 | 17 total: 0 critical, 1 high, 2 medium, 6 low, 8 informational | 11 fixed, 6 acknowledged |
This report reviewed Shadow Exchange's x(3,3) codebase, not a full Pharaoh-specific deployment. Pharaoh references this review because of its relevance to the x(3,3) architecture. Users should review the report alongside Pharaoh-specific audits, deployed contract addresses, and any protocol-level modifications made after the reviewed commit.
Consensys Diligence
Ramses V3 CLMM Audit Report
| Reviewer | Scope | Review period | Report date | Findings | Status |
|---|---|---|---|---|---|
| Consensys Diligence | Ramses V3 CLMM smart contracts, commit 061c142c5f53e4d3d19d9caf8b093a837062cc17 | July-Sept 2024 | Aug 2024 | 25 total: 1 critical, 2 major, 3 medium, 5 minor, 14 informational/general | 18 fixed, 2 partially addressed, 5 acknowledged |
The Consensys Diligence Ramses V3 audit identified several important concentrated-liquidity accounting issues, including one critical reward-accounting vulnerability that was fixed.
The report also noted limited test coverage and recommended additional testing and fuzzing before production deployment. Pharaoh should clarify which fixes are included in its deployed contracts and whether any acknowledged or partially addressed issues remain relevant to Pharaoh users.
Security Competition
Code4rena
Ramses V3 CLMM Contest Report
| Reviewer | Scope | Review period | Report date | Findings | Status |
|---|---|---|---|---|---|
| Code4rena | Ramses Exchange smart contract system; 10 Solidity contracts / 2,250 LOC | Oct 8-29 | Dec 3, 2024 | 2 Medium findings; 0 High; 0 Critical; 12 low / non-critical issues summarized | Mitigation review found 1 additional Medium issue, later fixed and verified |
The Code4rena Ramses Exchange audit found two Medium-severity issues: one involving inflated gauge rewards when periods are skipped, and one involving incorrect protocol fee calculation in the flash loan function. A follow-up mitigation review found an additional skipped-period issue in
swap(), which was fixed and verified. Pharaoh should clarify whether its deployed contracts include the final verified Ramses V3 fixes.
Additional Security Coverage
- Specialized Testing Review by 100Proof via Code4rena
- Post-Competition CL Audit by Zenith Mitigation
- Private Development Review by yAudit
- Testing Review with Spearbit researchers